Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Port 11890

From: Scott Nursten <scottn () s2s ltd uk>
Date: Thu, 26 Sep 2002 13:19:42 +0100
Hi Guys, 

Got a lot of traffic destined for TCP/11890 on my network. This has been
steadily increasing over the past 48 hours and is starting to bug me a
little now. Here's a breakdown...

14416 attempts over the past 48 hours.
 3636 on Sep 24.
 8844 on Sep 25.
 2586 today (1300 Sep 26)

  163 different src hosts from 38 different class A's

The lightest hosts have sent 2 packets (nothing under 2) and the heaviest
host has sent 4614 packets. Source ports on a fairly random increment - so
seems OS based - doesn't resemble a packet injection suite at any rate...! 4
attempts from each src port and then it moves on up...!

It seems all of these hosts are Win2k / XP hosts and most seem to be
DSL/cable subscribers...!

Anyone know what this is?


Kind Regards, 

-- 
Scott Nursten
--------------------------
S2S Consultants
T: 01444 232 742
F: 01444 232 061
W: http://s2s.ltd.uk
E: scottn () s2s ltd uk
--------------------------


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: